package com.mazong.servershirobb.config;

import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.springframework.util.DigestUtils;

import java.util.Objects;

@Slf4j
public class MyCredentialsMatcher implements CredentialsMatcher {

    /**
     * TODO 自定义密码的验证
     * @param token
     * @param info
     * @return
     */
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        //--1 用户输入
        UsernamePasswordToken utoken = (UsernamePasswordToken)token;
        String username = utoken.getUsername();
        String userpass = new String(utoken.getPassword());
        log.info("doCredentialsMatch,username={},userpass={}", username,userpass);

        //--2 数据库用户信息
        String dbPassWord = (String)info.getCredentials();
        String md5pass = DigestUtils.md5DigestAsHex(userpass.getBytes());

        //--3 比较用户的密码
        boolean flag = Objects.equals(dbPassWord, md5pass);

        return flag;
    }
}
